How It Works
When an incident is detected, Kestrel automatically:- Searches connected knowledge sources for relevant context
- Finds similar past incidents and their resolutions
- Locates runbooks and documentation for affected services
- Surfaces team discussions about the affected systems
- Retrieves postmortems and lessons learned from related incidents
Supported Sources
| Source | Auth Method | What It Searches |
|---|---|---|
| Slack | Kestrel App (no extra setup) | Messages and threads for relevant discussions |
| Confluence | OAuth (via Confluence integration) | Wiki pages, runbooks, postmortems, architecture docs |
| Jira | OAuth (via Jira integration) | Issues, comments, and postmortems |
| Linear | OAuth (via Linear integration) | Issues, projects, and comments |
| Notion | Internal Integration Token | Pages and databases |
| Glean | API Key | Enterprise-wide search across all connected tools |
Setup
Adding a Source
Authenticate
Follow the source-specific instructions below. Sources that have a dedicated integration (Slack, Confluence, Jira, Linear) are auto-detected when that integration is already connected.
Slack
Slack uses the same Kestrel app as incident notifications. No additional credentials are required. Prerequisite: Your Slack workspace must be connected via the Slack Integration.- Select Slack as the source type
- If connected, you’ll see a green confirmation
- Click Enable Slack Search
Confluence
If Confluence is connected via the Confluence Integration, it’s auto-detected. Otherwise:- Go to id.atlassian.com/manage-profile/security/api-tokens
- Create an API token
- Enter your Email Address, API Token, and Base URL (e.g.,
https://yourcompany.atlassian.net)
Jira
If Jira is connected via the Jira Integration, it’s auto-detected. Otherwise:- Go to id.atlassian.com/manage-profile/security/api-tokens
- Create or reuse an Atlassian API token
- Enter your Email Address, API Token, and Base URL
Linear
If Linear is connected via the Linear Integration, it’s auto-detected. Otherwise:- Go to linear.app/settings/account/security
- Create a Personal API Key
- Paste the key in the API Key field
Personal API keys have the same permissions as your user account. Consider using a service account for production.
Notion
- Go to notion.so/my-integrations and create a new integration
- Copy the Internal Integration Secret token
- Important: Share the pages/databases you want searchable with your integration
- Paste the token in the API Key field
- Optionally enter a Workspace ID
You must explicitly share each Notion page or database with the integration for it to be searchable.